From f71e583c5f2cef6aeafe70c3473ffbdfaaaca4c5 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Fri, 10 Dec 2021 11:39:58 +0100
Subject: [PATCH] refactor: src/runtime/ecdhes.ts
---
 src/lib/encrypt_key_management.ts | 4 ++--
 src/runtime/browser/ecdhes.ts | 21 +++++----------------
 src/runtime/interfaces.d.ts | 16 ----------------
 src/runtime/node/ecdhes.ts | 19 +++++++------------
 4 files changed, 14 insertions(+), 46 deletions(-)
diff --git a/src/lib/encrypt_key_management.ts b/src/lib/encrypt_key_management.ts
index f21269b0..0b19fc69 100644
--- a/src/lib/encrypt_key_management.ts
+++ b/src/lib/encrypt_key_management.ts
@@ -46,8 +46,8 @@ async function encryptKeyManagement(
 }
 const { apu, apv } = providedParameters
 let { epk: ephemeralKey } = providedParameters
- ephemeralKey ||= await ECDH.generateEpk(key)
- const { x, y, crv, kty } = await exportJWK(ephemeralKey)
+ ephemeralKey ||= (await ECDH.generateEpk(key)).privateKey
+ const { x, y, crv, kty } = await exportJWK(ephemeralKey!)
 const sharedSecret = await ECDH.deriveKey(
 key,
 ephemeralKey,
diff --git a/src/runtime/browser/ecdhes.ts b/src/runtime/browser/ecdhes.ts
index 4919da99..3946383c 100644
--- a/src/runtime/browser/ecdhes.ts
+++ b/src/runtime/browser/ecdhes.ts
@@ -1,8 +1,3 @@
-import type {
- EcdhAllowedFunction,
- EcdhESDeriveKeyFunction,
- GenerateEpkFunction,
-} from '../interfaces.d'
 import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js'
 import crypto, { isCryptoKey } from './webcrypto.js'
 import { checkEncCryptoKey } from '../../lib/crypto_key.js'
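Review bot: The `!` on `exportJWK(ephemeralKey!)` silences the checker instead of expressing the invariant that, after the `||=`, `ephemeralKey` is either the caller's `epk` or the freshly generated private key. If `ephemeralKey` is not reassigned later, a form the compiler can follow is `const ephemeralKey = providedParameters.epk ?? (await ECDH.generateEpk(key)).privateKey`, replacing the `let` destructuring and the `||=` line, after which the `!` can be dropped; `??` and `||` differ only for falsy non-nullish values, which a key-typed `epk` should not admit. Whether the declared return type of `generateEpk` is what defeats the narrowing is not visible here, and the body of encryptKeyManagement continues outside the hunk.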
@@ -10,14 +5,14 @@ import digest from './digest.js'
 import invalidKeyInput from '../../lib/invalid_key_input.js'
 import { types } from './is_key_like.js'
-export const deriveKey: EcdhESDeriveKeyFunction = async (
+export async function deriveKey(
 publicKey: unknown,
 privateKey: unknown,
 algorithm: string,
 keyLength: number,
 apu: Uint8Array = new Uint8Array(0),
 apv: Uint8Array = new Uint8Array(0),
-) => {
+) {
 if (!isCryptoKey(publicKey)) {
 throw new TypeError(invalidKeyInput(publicKey, ...types))
 }
@@ -53,21 +48,15 @@ export const deriveKey: EcdhESDeriveKeyFunction = async (
 return concatKdf(digest, sharedSecret, keyLength, value)
 }
-export const generateEpk: GenerateEpkFunction = async (key: unknown) => {
+export async function generateEpk(key: unknown) {
 if (!isCryptoKey(key)) {
 throw new TypeError(invalidKeyInput(key, ...types))
 }
- return (<{ publicKey: CryptoKey; privateKey: CryptoKey }>(
- await crypto.subtle.generateKey(
- { name: 'ECDH', namedCurve: (key.algorithm).namedCurve },
- true,
- ['deriveBits'],
- )
- )).privateKey
+ return crypto.subtle.generateKey(key.algorithm, true, ['deriveBits'])
 }
-export const ecdhAllowed: EcdhAllowedFunction = (key: unknown) => {
+export function ecdhAllowed(key: unknown) {
 if (!isCryptoKey(key)) {
 throw new TypeError(invalidKeyInput(key, ...types))
 }
diff --git a/src/runtime/interfaces.d.ts b/src/runtime/interfaces.d.ts
index 9bb3e704..a5462ae6 100644
--- a/src/runtime/interfaces.d.ts
+++ b/src/runtime/interfaces.d.ts
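Review bot: `export async function deriveKey(` in the `@@ -10,14 +5,14 @@` hunk drops the explicit return type that the removed `EcdhESDeriveKeyFunction` interface used to impose, so the exported signature is now whatever the body infers; the same applies to the node `deriveKey` in the `@@ -18,14 +13,14 @@` hunk of src/runtime/node/ecdhes.ts and to both `generateEpk` functions. Annotating the return, e.g. `): Promise<Uint8Array> {` if `concatKdf` resolves to a `Uint8Array`, keeps the browser and node implementations checked against one contract now that the shared interface is gone. The function bodies continue outside the hunk.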
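Review bot: `crypto.subtle.generateKey(key.algorithm, true, ['deriveBits'])` in the `@@ -53,21 +48,15 @@` hunk still marks the ephemeral private key extractable, and the only reason the old code needed that was the caller exporting the JWK from the private half. Now that `generateEpk` returns the whole pair, the caller in src/lib/encrypt_key_management.ts could take `x`, `y`, `crv`, `kty` from `exportJWK(pair.publicKey)` (the public key of a Web Crypto pair is always exportable) and pass only `pair.privateKey` to `deriveKey`, which would allow `false` here so the ephemeral secret never becomes exportable key material. Passing `key.algorithm` through instead of rebuilding `{ name: 'ECDH', namedCurve }` also lets any CryptoKey that passes `isCryptoKey` reach `generateKey` with its own algorithm; whether an earlier guard restricts the key type is outside the hunk.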
@@ -40,22 +40,6 @@ export interface Pbes2KWDecryptFunction {
 p2s: Uint8Array,
 ): Promise
 }
-export interface EcdhESDeriveKeyFunction {
- (
- publicKey: unknown,
- privateKey: unknown,
- enc: string,
- keyLength: number,
- apu?: Uint8Array,
- apv?: Uint8Array,
- ): AsyncOrSync
-}
-export interface EcdhAllowedFunction {
- (key: unknown): boolean
-}
-export interface GenerateEpkFunction {
- (key: unknown): Promise
-}
 export interface EncryptFunction {
 (enc: string, plaintext: Uint8Array, cek: unknown, iv: Uint8Array, aad: Uint8Array): AsyncOrSync<{
 ciphertext: Uint8Array
diff --git a/src/runtime/node/ecdhes.ts b/src/runtime/node/ecdhes.ts
index 6a1646a9..88a3bb7e 100644
--- a/src/runtime/node/ecdhes.ts
+++ b/src/runtime/node/ecdhes.ts
@@ -1,11 +1,6 @@
 import { diffieHellman, generateKeyPair as generateKeyPairCb, KeyObject } from 'crypto'
 import { promisify } from 'util'
-import type {
- EcdhAllowedFunction,
- EcdhESDeriveKeyFunction,
- GenerateEpkFunction,
-} from '../interfaces.d'
 import getNamedCurve from './get_named_curve.js'
 import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js'
 import digest from './digest.js'
@@ -18,14 +13,14 @@ import { types } from './is_key_like.js'
 const generateKeyPair = promisify(generateKeyPairCb)
-export const deriveKey: EcdhESDeriveKeyFunction = (
+export async function deriveKey(
 publicKee: unknown,
 privateKee: unknown,
 algorithm: string,
 keyLength: number,
 apu: Uint8Array = new Uint8Array(0),
 apv: Uint8Array = new Uint8Array(0),
-) => {
+) {
 let publicKey: KeyObject
 if (isCryptoKey(publicKee)) {
 checkEncCryptoKey(publicKee, 'ECDH-ES')
@@ -57,7 +52,7 @@ export const deriveKey: EcdhESDeriveKeyFunction = (
 return concatKdf(digest, sharedSecret, keyLength, value)
 }
-export const generateEpk: GenerateEpkFunction = async (kee: unknown) => {
+export async function generateEpk(kee: unknown) {
 let key: KeyObject
 if (isCryptoKey(kee)) {
 key = KeyObject.from(kee)
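Review bot: `export async function deriveKey(` in the `@@ -18,14 +13,14 @@` hunk of src/runtime/node/ecdhes.ts turns what was a synchronous function (the old arrow carried no `async`, and the deleted interface allowed `AsyncOrSync`) into one that always returns a promise, so the `TypeError`s and any other `throw` in its body, which continues outside the hunk, now surface as rejections rather than synchronous exceptions. The one caller visible on this page awaits the result and is unaffected; any other caller that relied on the synchronous form would need the same `await`, which is worth stating in the commit message.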
@@ -69,18 +64,18 @@ export const generateEpk: GenerateEpkFunction = async (kee: unknown) => {
 switch (key.asymmetricKeyType) {
 case 'x25519':
- return (await generateKeyPair('x25519')).privateKey
+ return generateKeyPair('x25519')
 case 'x448': {
- return (await generateKeyPair('x448')).privateKey
+ return generateKeyPair('x448')
 }
 case 'ec': {
 const namedCurve = getNamedCurve(key)
- return (await generateKeyPair('ec', { namedCurve })).privateKey
+ return generateKeyPair('ec', { namedCurve })
 }
 default:
 throw new JOSENotSupported('Invalid or unsupported EPK')
 }
 }
-export const ecdhAllowed: EcdhAllowedFunction = (key: unknown) =>
+export const ecdhAllowed = (key: unknown) =>
 ['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes(getNamedCurve(key))
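Review bot: `export const ecdhAllowed = (key: unknown) =>` keeps the arrow-const form here while the browser runtime in this same commit switched to `export function ecdhAllowed(key: unknown) {`, and with `EcdhAllowedFunction` deleted nothing checks that the two runtimes still expose the same signature. Either use one form in both files or at least annotate the return, `export const ecdhAllowed = (key: unknown): boolean =>`, so the contract the interface used to state stays in the code. The three `return generateKeyPair(...)` lines now hand the whole pair to the caller, which matches the browser change; the `default:` branch's wording `'Invalid or unsupported EPK'` describes the recipient key's type rather than an EPK, which predates this commit but is easy to adjust while the switch is being touched.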